Warm Boot Blog

Friday, 22 July 2016

This week I was a guest at the Snappy Sprint in Heidelberg, hosted by Canonical, because I'm the maintainer of the snap packages on Arch Linux.

Currently, with the official packages on Arch Linux, you can only use snaps without confinement (i.e. you can only install packages in devmode). This is bad for security, since no snap is confined and each one can do (almost) anything it wants.

The reason is that snap uses the Ubuntu-patched version of AppArmor for confinement, and those patches are not available in the mainline kernel yet.

So this week I worked on porting the AppArmor patches to the linux-lts kernel, and I created some AUR packages in order to have confinement working.
I also had to get upstream to fix some weird bugs. In the end it was a complete success and confinement works perfectly.

If you are curious and want to try it, you just need to install snapd-confinement (and its dependencies) from AUR.

If you don't want to spend lots of time compiling the kernel, you can just use my repository. To do that, just execute the following commands as root: